What is the difference between a Gateway and a Firewall?This type of question can be easily answered with a simple web search. As you continue to learn more about security it will help to be proactive about searching out for the answers yourself. In addition to being faster you'll also gain more domain knowledge as you expose yourself to more technical detail, rather than only getting 'pre-chewed' information. Best of luck in your endeavors.

Bypassing Web Application input validationMaybe, but not in practice. shrugs Firewalls that look for this type of stuff generally look at it two ways; known encoding schemes and statistical algorithm analysis. Everything is everything 'in theory', that doesn't make it a good idea to try and identify it all. IMO.

How do cellphones discover wireless APs?The phone will initiate the connection utilizing information contained in the beacon frame OR that is pre configured in the device. For example, you might have a private AP that isn't broadcasting. Your phone could still connect to that AP if you know certain information, such as the ESSID. Once the device(phone) negotiates a connection to the AP it is connected to that network and 'normal' networking protocols take over. The device does initiate the connection, but the AP is identified (re: your question) through a beacon frame or direct specification.

Should I use SSL on my database server?I would say yes. Remember that your web server is on a public facing network and it is going to be broadcasting back to your DB in one fashion or another. I also suspect that your database does have a public facing aspect since you're getting to it from your web server, but I don't know how rackspace sets up their kit. It's possibly worth looking into how your services are structured but yes, I'd still recommend using SSL/TLS.